CustomCMS Persistent XSS Vulnerability

======================================
CustomCMS Persistent XSS Vulnerability
======================================


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1               ##########################################             1
0               I'm Sid3^effects member from Inj3ct0r Team             1
1               ##########################################             0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

Name : CustomCMS Persistent Xss Vulnerability
Date : july 13,2010
Critical Level     : HIGH
vendor URL :http://customcms.net/
Price:55$
Author : Sid3^effects aKa HaRi
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz
#######################################################################################################
Description
Custom CMS Gaming is a Content Management System geared towards all Gamers that would like to maintain and create fully functional gaming

sources. Whether you're interested in running your gaming site as a hobby or as a serious online venture, Custom CMS Gaming makes it easy for

all users to create & manage the Gaming website they've always dreamed of.
#######################################################################################################
Xploit: Persistent Xss Vulnerability


The attacker can insert the xss script in the profile section in the following fields

1.Details option
2.Gaming Connections option
3.My Contact Info option
4.Options  option

Attack Pattern:">><marquee><h1>XSS3d By Sid3^effects</h1><marquee> once inserted goto check your profile.


Demo url : http://customcms.net/demo/usercp/profile/edit/    ----> Go here and insert your xss script :)

#######################################################################################################
# 0day no more
# Sid3^effects



#  0day.today [2018-01-09]  #